Target Practice

If you've ever played the silly, maddening game known as “Whac-A-Mole,”
you know what futility feels like. As you smack one mole with the
mallet, up pops another one. Their speed and number escalate as you flail
away,  trying  to  keep  up. 

At  some  point,  you  realize  there’s  no  hope  of  winning. 

It’s hard to imagine more appropriate imagery for our cover story
(“Moving Target,” Page 26) about the widespread frustration with mounting
cybersecurity threats and the lack of an effective U.S. government response.
CTO Daniel Mintz of consulting firm CSC aptly describes the feds’
“Whac-A-Mole security” approach as one where long-term strategy takes a back
seat  to  daily  tactical  responses. 

There  are  certainly  high  hopes  for  President  Obama’s  sharpening  focus 
on cybersecurity. But we’re still at the flailing-away stage of this game. Even
with at least three dozen federal mandates, laws and regulations governing
IT security around critical infrastructure, no one feels safe from the
potential  of  computerized  attacks  taking  down  electricity  grids,  subways, 
banks  or  even  weapons  systems. 

“I  can’t  think  of  anyone  with  real  knowledge  of  what’s  going  on  who 
would  say  he  feels  confident  in  our  ability  to  defend  ourselves,”  says  John 
Gilligan, former CIO of the U.S. Air Force. Now a respected security
consultant, Gilligan has created a set of 20 pragmatic guidelines for defending
digital  infrastructure. 

Gilligan’s everyday controls (see Page 30) are highly useful as a
risk-management review of best practices in monitoring IT systems and network
security  (full  details  at  www.gilligangroupinc.com). 

Also  well  worth  your  time  in  this  issue  is  “The  Business  of  IT”  (Page 
22),  a  new  column  by  Albert  R.  Eng,  a  former  CIO  from  the  private  equity 
world  who  now  advises  companies  on  IT  strategy  and  finance.  In  “What 
Your  Budget  Really  Means,”  Eng  candidly  spells  out  why  your  IT  budget 
should  be  structured  into  just  three  categories  of  projects  (strategic,  deferred 
and  lights-on). 

Finally,  I  have  one  more  assignment  for  you:  Go  away.  Take  that  overdue 
vacation.  As  our  experts  advise  in  “Wish  You  Weren’t  Here”  (my  favorite 
headline  of 2009  so  far),  CIOs  need  to  set  a  healthy  example  by  taking  time 
off  to  regroup,  refresh  and  renew. 

So  go,  enjoy  yourselves.  The  moles  will  keep. 


Maryfran Johnson, Editor in Chief, CIO Magazine & Events

mfjohnson@cio.com 
Where the IT Pros Are

What do mild-mannered software developers do for extra cash? Increasingly,
they're taking over the turntables in clubs and private parties, CIO.com
Senior Editor Meridith Levinson reports, bringing their IT skills to a whole
new level. Read how digital DJ'ing (playing and mixing MP3s using a computer
and special software) has emerged over the last decade.
www.cio.com/article/494129

Meanwhile, Levinson says she's having difficulty believing an ISC-squared
report that 80 percent of hiring managers looking to fill IT security jobs
are having a hard time finding qualified candidates. The top three reasons,
according to the report: Candidates lack the right skill set, there are too
few qualified professionals in the hiring managers' area and companies can't
meet candidates' salary requirements due to budget constraints. What do you
think? advice.cio.com/node/8001

Inside  the  Vendor  Mind 

Software arch-rivals SAP and Oracle take starkly different approaches to CEO
succession planning, as do "frenemies" Microsoft and Apple, writes CIO.com
Senior Editor Thomas Wailgum. Who's right is up for debate, but one thing is
clear: more information on who will be steering the ship is better.
www.cio.com/article/494128

On his blog, Wailgum shares a YouTube video poking fun at the vendor-client
relationship. The video takes the seemingly normal business dealings between
two parties and plunks them in real-world situations: at a restaurant, in a
video store, in a hair salon. advice.cio.com/node/7968

iPhone-Free  Zone 

Last  month,  Apple  unveiled  its  latest  two 
devices, the 16GB and 32GB iPhone 3G S.
That's  great  if  you're  an  iPhone  ►►► 
FROM THE CEO


Refresh  Your  Mind 

Imagine  walking  down  a  street  in  an  unknown  city  and  with  every 
10  steps,  someone  asks  you  a  question  in  a  different  language.  Being  the 
kind  of  person  you  are,  you  take  the  time  to  listen,  translate  the  bits  you 
can  understand  and  then  answer  each  question  to  the  best  of  your  ability 
and  perspective. 

This  make-believe  scenario  isn’t  so  far  from  the  truth  when  it  comes  to 
the  daily  life  of  today’s  CIO. 

Every  10  steps  down  the  hall,  you’re  being  bombarded  by  a  litany  of 
questions  from  colleagues  who  want  your  unique  perspective  on  how  to 
apply  technology  to  drive  business  value  and  innovation.  This  challenge 
to provide ongoing business guidance with tech-savvy insight is not only
necessary  for  a  CIO’s  success,  but  vital  to  every  business  trying  to  navigate 
the  economic  hailstorm. 

This  is  why  I’m  personally  inviting  you  to  attend  our  annual  CIO  100 
Symposium  next  month,  August  23-25,  at  the  Broadmoor  in  Colorado 
Springs, Colo. This year’s theme is “Innovating for Customers, Collaboration
and Cost Management,” and I can’t think of a better focus for the
sessions and speakers we’ve assembled. Along with the chance to hear
about some of the most innovative, value-delivering IT/business projects of
the past year, you’ll also have the opportunity to learn directly from some
of the best in the business—CIOs such as Ben Fried of Google, Ramon Baez
of  Kimberly  Clark,  Tom  Conophy  of  InterContinental  Hotels,  Phil  Fasano 
of  Kaiser  Permanente,  Joe  Eng  of  JetBlue,  Randall  Spratt  of  McKesson  and 
many  more. 

They  will  stretch  your  mind  and  fill  your  conference  notebook  with 
actionable  advice  to  apply  immediately  to  your  business.  To  see  the  kind  of 
company  you’ll  be  keeping  at  this  legendary  event,  check  out  our  2009  CIO 
100 winners, already posted on our website (www.cio.com/cio100/2009/1).
They’ll  also  be  featured  in  CIO  next  month. 

A  very  wise  man  once  told  me  that  to  be  a  successful  leader  you  “need  to 
know  what  you  know  and,  more  importantly,  know  what  you  don’t  know.” 
This  is  one  event  where  I  can  promise  you’ll  find  unparalleled  opportunities 
to  share  your  knowledge,  exchange  business  ideas  and  pick  up  new  best 
practices  from  some  of  the  leading  CIOs  in  the  world  today.  Come  join  us! 


Michael  Friedenberg,  President  and  CEO 

mfriedenberg@cio.com 


►  ►►Chatter  Continued  from  Page  4 


fanatic. But if you're in the market for a different type of smartphone,
CIO.com Staff Writer Al Sacco's slideshow reviews eight fresh alternatives.

www.cio.com/article/494584

Hang  It  Up 

You've probably heard of "BlackBerry Thumb," a condition similar to
carpal-tunnel syndrome. But now there's a new ailment: cell phone elbow
(officially, cubital tunnel syndrome).

It's caused when abnormal pressure is applied to nerves in the forearms for
extended periods of time, impeding the flow of blood, leading to discomfort
and pain. www.cio.com/article/49471E

Microsoft's  New 
Reality  Show 

Watch  out  Donald  Trump,  Microsoft 
is  on  your  heels.  Senior  Online  Writer 
Shane  O'Neill  writes  about  the  software 
giant's  new  Web  show,  It's  Everybody's 
Business.  The  program  features  former 
GE  honcho  Jack  Welch  and  his  wife 
Suzy, giving guidance to real-life companies
that are wrestling with business
and  technology  quandaries. 
www.cio.com/article/495041 

A  No  Tech  Sales  Pitch 

High-tech sales pitches are so yesterday. The new trend? Engaging customers
with a whiteboard and marker, writes CIO.com's Wailgum. He details how
salespeople at Software AG took pen in hand to boost sales.

www.cio.com/article/4946E4

Track  Your  Tweets 

Ever wonder if that great tweet you wrote got retweeted widely? CIO.com
Staff Writer C.G. Lynch describes how to measure your Twitter success.

www.cio.com/article/494611


Compiled by Associate Editor Kristin Burnham. Have a comment about a
story in this issue? Go to www.cio.com/magazine/070109 or write to
letters@cio.com.
Trend: Warmer Data Centers

The 68-degree data center may be out of style, says Jim Simonelli, chief
technical officer at the Schneider Electric-owned APC.

Servers, storage and networking gear are often certified to run in
temperatures exceeding 100 degrees, and now IT pros are becoming less
stringent in setting temperature limits, he says.

According to Simonelli, data center professionals could save up to 50 percent
of their energy budget just by changing the set point for cooling from 68
degrees to 80 degrees.

Network  World 

GE  Offers  Loans 
for  E-Health 
Tech  Buys 

GE announced it will offer doctors and hospitals loans that carry no interest
until the institutions start receiving government money. The loans are for
buying GE's Centricity electronic health records as conventional PC software
or as a Web-based offering, solving the problem of a shortage of upfront
capital. The New York Times


Stability  for  IT  Budgets? 

IT  budgets  appear  to  be  stabilizing,  according  to  an  exclusive  CIO 
survey. Among 171 CIOs who took the survey, 69 percent said they
postponed  discretionary  projects  in  the  past  six  months,  up  from  58 
percent  in  January.  Sixty-four  percent  of  respondents  said  they  froze 
hiring,  up  from  59  percent  in  January.  But  only  3  percent  said  they  still 
have  plans  to  freeze  hiring  before  the  end  of  the  year. 

That  doesn't  mean  IT  spending  is  recovering.  Only  14  percent  of 
CIOs  expect  budget  increases  in  the  next  12  months,  down  from  20 
percent at the beginning of the year. Hardware (47 percent), outsourced
IT services (40 percent) and IT compensation costs (40 percent)
are the most frequently cited categories where CIOs are cutting.

Those  cuts  may  be  slowing,  however.  Although  more  CIOs  plan  to 
shrink  payroll  than  in  January,  more  also  now  say  that  their  spending  on 
compensation  won't  change.  Fewer  IT  leaders  plan  cuts  to  outsourced 
IT  services,  while  a  higher  percentage  anticipate  no  reductions.  (For 
complete  results,  go  to  www.cio.com/economy_may09.) CIO.com 

Microsoft  User  Group  Demands  Opera  Boycott 

A Microsoft enthusiast group is calling for the boycott of Opera
Software's products. According to a blog post by David Taraso, editor of
the  JCXP  group,  which  hosts  user  forums  about  Microsoft  software, 
the  group  targeted  Opera  because  the  Oslo-based  company  filed  an 
antitrust  suit  against  Microsoft  in  Europe. 

The suit, which argues against Microsoft's inclusion of the Internet
Explorer (IE) browser with Windows, has been controversial. The European
Commission was mulling a remedy, dubbed the "ballot screen,"
that would require PC makers to give users other browser options.
According  to  the  JCXP,  the  ballot  screen  option  is  a  "ridiculous  idea" 
that  would  require  Microsoft  to  promote  competing  products  within 
Windows.  As  a  result  of  the  fuss,  Microsoft  said  it  won't  include  IE  8  in 
the  version  of  Windows  7  that  is  sold  in  Europe.  IDG  News  Service 

Nokia  to  Offer  Apps  for  Rural  Mobile  Users 

Nokia  will  roll  out  its  Life  Tools  services  to  more  emerging  markets 
after  a  successful  pilot  in  India,  a  company  executive  said  in  June. 

Services  aimed  at  farmers  include  local  weather  forecasts,  crop 
prices  at  local  markets,  advice  on  growing  crops,  as  well  as  pricing 
information  for  pesticides,  seeds  and  fertilizer.  Services  also  include 
English  lessons  and  advice  on  taking  exams.  IDG  News  Service 

Green  Dam  Maker  Ordered  to  Fix  Security  Holes 

The  head  of  the  company  that  created  the  Web-filtering  software 
that the Chinese government will require on all new PCs acknowledged
that the current version of the software contains security
flaws. This is the latest blow to China's plans for the software, which
was criticized for its potential to block nonpornographic and politically
sensitive content. A U.S. maker of Internet filtering software has
also  alleged  that  parts  of  Green  Dam's  code  were  stolen  from  its  own, 
similar  program. 

Last  month,  researchers  at  the  University  of  Michigan  said  that 
tests  of  the  software,  called  Green  Dam-Youth  Escort,  found  that 
it  contained  programming  errors  that  would  expose  computers  to 
attack.  The  Wall  Street  Journal 
books, blogs and the latest research about IT, management and leadership


Reading 


The  Education  of  an  American  Dreamer 

How  a  Son  of  Greek  Immigrants  Learned  His  Way  from  a 
Nebraska  Diner  to  Washington,  Wall  Street  and  Beyond 

By  Peter  G.  Peterson 

Peterson  chronicles  his  rise  from  a  small  Nebraska  town  where  he 
manned  the  cash  register  at  his  father’s  diner  through  his  tenure 
(and  public  firing)  as  the  youngest  Cabinet  member  in  the  Nixon 
administration,  his  tumultuous  days  at  Lehman  Brothers  and  the 
creation  of  The  Blackstone  Group,  which  made  him  a  billionaire  at 
age 80. Hachette Book Group, 2009, $34.99


CIO  Dashboard 

Cutting  Through  the  Noise 

By  Chris  Curran 

BLOG Looking for a list of CIOs to follow on Twitter?
Chris Curran, partner and CTO at Diamond Management
& Technology Consultants, has generated the “CIO
Twitter Dashboard,” a complement to his blog, which
covers such topics as portfolio management, Agile
development and social networking. The CIO Twitter
Dashboard is organized by industry, making it easy to
search for and follow those with similar interests to
yours. www.ciodashboard.com/cio-twitter-dashboard

Why  New  Systems  Fail 

Theory  and  Practice  Collide 

By  Phil  Simon 

BOOK  Some  projects  are  going  to  fail.  But  organizations 
often  lack  the  necessary  framework  to  minimize  the 
chance of failure, says Phil Simon, author and independent
consultant. This book examines the root causes of
project  failures,  provides  case  studies  and  lessons  from 
real  system  implementations  and  offers  pragmatic  advice 
for  deploying  new  systems  and  maintaining  existing 
ones.  AuthorHouse,  2009,  $24.95 

The  Accidental  Successful  CIO 

By  Jim  Anderson 

BLOG What can a CIO learn from Disney? According to
Jim Anderson, who calls himself the “business side of IT
expert,” a lot more than you’d think. (One of Anderson’s
posts shares management tips from Disney CEO Robert
Iger.) Anderson’s blog offers his insights into getting
business and IT to work together better and making your
IT department a more valued part of the company.
www.theaccidentalsuccessfulcio.com

Call  IT  Anything 

By  Dale  Sanders 

BLOG  Dale  Sanders,  CIO  and  VP  of  IS  at  Northwestern 
Medical  Faculty  Foundation,  writes  about  issues  that 
concern  most  healthcare  CIOs,  such  as  the  adoption  of 
electronic  medical  records,  data  warehousing  and  his 
thoughts  about  personalized  medicine. 
callitanything.blogspot.com 

The  Silver  Lining 

An  Innovation  Playbook  for  Uncertain  Times 

By  Scott  D.  Anthony 

BOOK  In  today’s  economy,  executives’  gut  reaction  often 
is  to  freeze  all  spending.  But  that’s  not  the  answer,  says 
Scott  D.  Anthony.  He  shares  how  managers  can  apply 
principles of disruptive innovation to manage the ultimate
business paradox: cutting costs while innovating
for  growth.  Harvard  Business  Publishing,  2009,  $25 

Compiled by Associate Editor Kristin Burnham. Tell us what
you're reading. Go to advice.cio.com/blogs/the_techie_reading_list
or write to letters@cio.com.

ILLUSTRATION  BY  DAVID  PLUNKERT 


Innovation  NYT-Style 

Rapid  development  fuels  the  newspaper's  Web-focused  R&D 

BY  STEPHANIE  OVERBY 


Almost everybody has a theory about how to save the U.S. newspaper industry. The only
consensus, it seems, is that it needs to change fundamentally or it could all but disappear. At The New
York  Times,  tough  times  have  elevated  IT-enabled  innovation  to  the  top  of  the  agenda. 

A  research  and  development  group,  created  in  2006,  operates  as  a  shared  service  across  nearly 
two  dozen  newspapers,  a  radio  station  and  more  than  50  websites.  “Our  role  is  to  accelerate  our 
entry  onto  new  platforms  by  identifying  opportunities,  conceptualizing  and  prototyping  ideas,” 
explains  Michael  Zimbalist,  the  company’s  vice  president  of  R&D. 

Zimbalist’s  staff  of  12  includes  experts  in  rapid  prototyping,  specialists  in  areas  like  mobile 
or  cloud  computing  and  data  miners  who  probe  website  data  for  insight  into  what  visitors  do. 
They  work  within  a  common  framework  based  on  idea  generation,  development  and  diffusion 
throughout  the  business.  Recent  projects  included  prototypes  for  new  display  ad  concepts,  as  well 
as  BlackBerry  applications  for  Boston.com  and  the  expert  site  About.com.  ►  ► 
12.7% Q1 smartphone growth

63% Manufacturers who say that failed suppliers have the

► ► R&D Continued from Page 13

[Chart: More companies say they'll spend the next year trying to stem losses rather than pursue new sources of revenue. Numbers do not add to 100% due to rounding.]

The  team’s  work  is  intended  to  supplement 
and  support  innovation  taking  place  within 
the  business  units.  For  example,  the  team  is 
prototyping E-Ink, an emerging display technology
that some business units can’t spare the
resources  to  investigate. 

At  NYTimes.com,  CTO  of  Digital  Operations 
Marc  Frons’s  design  and  product  development 
group  worked  with  Zimbalist’s  team  and  Adobe 
developers  on  the  Times  Reader  2.0  application, 
the  next  generation,  on-screen  reading  system 
it  developed  on  the  Adobe  AIR  platform.  Frons 
further  encourages  forward  thinking  among  his 
120-person  team  with  twice-annual  innovation 
contests.  Winners  receive  cash,  recognition  and 
the  resources  to  turn  their  ideas  into  reality. 

Typical projects are measured against criteria like revenue potential
or journalistic value. R&D projects aren’t. “Since we build software,
there’s  no  huge  capital  investment  up  front,"  Frons  says,  “which  allows 
us  to  experiment.  The  emphasis  is  on  rapid  development.” 

Times  Widgets,  a  widget-making  platform,  was  a  contest  winner, 
as was the recently launched Times Wire, a near real-time customizable
interface for online content. “We’re trying to solve specific problems
and think about where the business is going,” Frons says. The
company  posted  an  operating  loss  of  $74  million  in  the  first  quarter; 
Frons  is  focused  on  enhancing  revenue,  cutting  costs  and  increasing 
efficiency  through  process  improvements  and  automation. 

Much of what has come down the innovation pike thus far at The
New York Times can be classified as process or product innovation.
Typically, a healthy and growing company should be content with focusing
90 to 95 percent of its innovation dollars on such core business innovation
and 5 percent or 10 percent on new business models, says Mark Johnson,
chairman of strategic innovation consultancy Innosight. However, he adds,
“The newspaper industry is in so much trouble that business model innovation
is more important than ever.”

Now is a good—and bad—time for fostering such innovation.
“You’ve  got  the  leadership’s  attention  you  need,”  says  Johnson.  “But 
it’s  harder  in  the  sense  that  there’s  an  urgency  to  fix  the  financials, 
and  being  patient  in  the  way  you  need  to  be  for  a  new  business  model 
to  unfold  is  a  very  difficult  thing  to  do.” 

Stephanie  Overby  is  a  freelance  writer  based  in  Massachusetts. 
Google Wave on Horizon

The  new  Google  Wave,  due  out  later  this 
year,  mixes  old  technologies  such  as 
e-mail,  IM  and  online  documents  into  a 
unified,  socially  oriented  view  that  could 
ultimately  change  the  way  we  deal  with 
online  applications  and  information. 

The  idea  behind  Wave  isn't  based  on 
putting  information  into  tidy  folders  like 
you'd  find  on  Microsoft  SharePoint  but 
on  the  notion  of  letting  information  flow 
freely for users to interact with in real
time, like we do on the consumer Web.

Today,  employees  must  sort  through 
messy  "reply-all"  e-mails  to  engage  with 
content  as  a  group.  Businesses  could 
use  a  technology  like  Wave  to  enable 
employees  to  collaborate  in  a  more 
streamlined  way.  Yet  most  enterprises 
still  remain  years  away  from  switching 
to  this  type  of  information  stream,  tied 
as  they  are  to  their  current  technology 
infrastructures. 

Google  should  (and  likely  will)  try 
to  incorporate  Wave  into  its  enterprise 
business software, Google Apps. In the
end, Wave's greatest asset could be in
making  all  this  information  more  useful 
from  ties  to  Google's  core  product:  search. 

-C.G.  Lynch 
THE TOP LINE INTERVIEW :: Guy Kawasaki


Innovation on a


Inspiration  is  free  and  development  tools  are  cheap,  says  the  venture  capitalist 


You cofounded Alltop, which aggregates Web content. How might its
beginnings illustrate an innovation lesson?

We created it because we noticed that 'popurls', a site that aggregates
business and tech feeds, generated as much traffic as Google for another site
that we owned. Because of this, we got curious about popurls and decided
to copy what it was doing. The lesson here is watch what others do that
succeeds and don't be proud about what inspires your innovation.


For companies that are interested in innovating now, what would you
recommend?

At an intellectual level, no company laid off its way to success. On the
other hand, it's easy for 'experts' to say that one must keep innovating
when your company is running out of cash since it's not their necks on
the line. There are no magic bullets. It's just a tough time.

That said, one assumption that companies should not make is that money
equals innovation. That is, two guys or gals in the lab might create the
great innovation. It doesn't have to be the $10 million budget for R&D.
I could make the case that money can't buy innovation - if it did, then
large companies would get larger and startups would never innovate.

But  what  if  you're 
stuck  at  a  company 
that  doesn't  want  to 
innovate? 

I'd say use open-source tools to build your prototype at night and on
the weekends.

The most beautiful trend in innovation is that it's getting cheaper to
innovate for many types of products. Two gals in a garage can do a lot
of damage now - indeed, this puts large companies at risk. A second
beautiful trend is that you can deploy innovation faster and cheaper now
with Web-based products and services compared to the old days when you
shipped out upgrade kits and manuals.

-Diann  Daniel 


Read the full version at www.cio.com/article/482ZQ6.
NEW MARKETS

Entertainment Superhighway

With car-based TV options expanding, are data services next?


WHO  IS  DOING  IT:  Auto  dealers  are  offering  car  buyers  AT&T's  CruiseCast 
satellite  TV  service.  The  service,  which  launched  in  April,  costs  $28  a  month  for 
22  channels  including  Disney,  MTV  and  MSNBC.  Chrysler  offers  a  competing 
service  from  Sirius  in  selected  models. 

HOW IT WORKS: An antenna on a car transmits broadcasts to TV screens
through an in-car receiver. One tuner in the receiver limits screens to the same
program, but multiple tuners are planned for viewers to choose separate
programs. Signals could be easily blocked by items like road signs, but images are
buffered for up to 2 minutes to offer a continuous flow of programming. RaySat
provides the equipment, including a remote control, through distributors for
around $1,299, but it could be available as an option when buying a car.

GROWTH POTENTIAL: Demand for in-car entertainment systems is growing,
says Nick Cappa, a spokesman for Chrysler. But average consumers may
instead adopt video delivery over mobile Internet because of the larger reach
of 3G cell phone networks, says Thilo Koslowski, vice president of automotive
technology at Gartner. CruiseCast may extend beyond video to data services,
location-based advertising, traffic, weather and, potentially, high-speed
Internet access. -Agam Shah
leadership and operational excellence

Getting Process in Gear

BPM truce welds IT-business goals

By Kristin Burnham

In 2007, NACCO Materials Handling Group (NMHG), a manufacturer of warehouse trucks and
forklifts, was using a manual system of spreadsheets and signatures to track design changes in its
production line. Yet the company soon learned that its lack of an automated process was allowing for
missed signatures, leading to some defective designs. Additional costs incurred from product recalls
forced NMHG to explore a new option: a product lifecycle management (PLM) implementation.

When the team of IT and business managers presented the PLM plan to the CEO, however, he
was immediately wary, recalls Bob Shallow, director of global product development processes,
systems and operations. “This was right on the heels of a very painful and expensive SAP
implementation, and our CEO was a little gun shy to spend a lot of money on PLM,” Shallow notes.
“So—almost by accident—we started talking about leveraging a [business process management] tool.”

That move would save them millions.

Shallow, a 15-year veteran of Ford Motor Company,
learned about a similar, successful BPM
operation there using a product from Lombardi
Software called Teamworks. So he and his NMHG
team discussed using the same Lombardi tool. They
estimated they could meet about 80 percent of their
requirements at about 15 percent of the investment
level, resulting in a 200 percent ROI. With the PLM
tool, the ROI estimate was in the 30 percent range.
Their CEO gave Shallow’s team the green light.

Shallow next met with Gidu Sriram, NMHG’s
IT director, to discuss logistics for the implementation.
Instant opposition was the reaction Shallow
and his business-side team received from Sriram’s
IT department. “There was quite a bit of friction
between myself and IT going into the project,” Shallow
recalls, as Sriram’s team members felt that
an alternative tool should be considered. “All we
wanted was an opportunity to take a look at other
alternatives in order to make an objective decision,
rather than just having someone tell us that this
was the way to go,” Sriram explains.

Sriram and Shallow agreed to hear presentations
from Lombardi and the PLM vendor and to
discuss their products. After the meetings, everyone
was asked for feedback, and Lombardi emerged
as the overwhelming winner. IT Director Sriram
says that while their initial meetings were tense,
they ultimately learned to trust the business more.
“And hopefully we gave the business confidence that
they can rely on us to look at projects objectively,”
he adds.

Since they needed to demonstrate the business
value quickly, the IT and business teams agreed on
an aggressive schedule, completing the project in
two weeks rather than the more-typical two months.
“My team was tremendously stretched, but we managed
to pull through and maintained a very positive
attitude to support the business,” Sriram says.

Most importantly, the business benefits were
significant, with a savings of $2.5 million by choosing
the BPM tool over the more complex PLM
system. NMHG is now able to bring products to
market faster and has eliminated recall costs. More
BPM rollouts also followed the first wave, with
one completed in May and another scheduled for
completion by December.
Where Green IT Is No Fad

BY RICK SWANBORG

Corporate sustainability programs that
address efficiencies throughout an organization
will make the greatest impact over time. Following
that premise, Raytheon's sustainability initiative
involves a green IT strategy as one of several ways
the company is reducing energy consumption, greenhouse gas
emissions and other environmental impacts. The company has
realized its initial greenhouse gas reduction goal, with Raytheon
IT delivering measurable environmental and operational
improvements as part of the enterprisewide effort.

The Situation: Approximately 90 percent of Raytheon's
greenhouse gas emissions come from energy consumption.
As a charter member of the U.S. Environmental Protection
Agency's Climate Leaders program, Raytheon committed to
reducing greenhouse gas emissions by 33 percent per dollar of
revenue between 2002 and 2009. The company exceeded its
goal by realizing a 38 percent cut by 2008. Raytheon's green IT
strategy focused initially on the company's data centers, where
space and power constraints offered opportunities.

What They Did: Raytheon virtualized or decommissioned
1,300 servers and established common database services to
reduce system acquisition, power and cooling costs. IT encouraged
Raytheon's businesses to use shared resources by
offering a discount that trumped dedicated resources. Server
virtualization enabled Raytheon to avoid building a major data
center despite a 25 percent growth in capacity demand. Green
IT projects produced more than $11 million of savings in 2008.
The company's IT project management process now includes
power reviews to ensure that project teams estimate power
consumption of new systems and work in advance to achieve
reductions. IT also helps other Raytheon functions consider
how technology can help them operate more efficiently
through automated energy management, reduced travel and
commuting or progress toward a paperless office.

Why It Was Unique: By enveloping initiatives like data center
virtualization within a broader sustainability strategy, Raytheon's
green IT program represents more than a short-term
means of saving money. Raytheon's overarching commitment
to reducing its environmental impact provides a more compelling
case for stakeholders than a technology-focused program.

The Takeaway: Being lean and green are two sides of the
same coin. Raytheon shows that a continued focus can generate
tangible, sustained benefits for both the organization and
the environment.
Associate Editor Kristin Burnham can be reached
at kburnham@cio.com. Follow her on Twitter at
www.twitter.com/kmburnham.


Rick Swanborg is president of ICEX and a professor at Boston University.
A full case study can be found at www.icex.com.




What Your Budget Really Means

Can anyone tell what IT contributes to your business just by looking at
what you spend? If they can't, you're less effective.

By Albert R. Eng


Savvy  business  leaders  will  always  support 
wise  IT  spending.  Meanwhile,  astute  financial 
management  of  IT  gives  CIOs  flexibility  to 
respond  quickly  to  corporate  actions  such  as  the 
sale  of  a  business  unit  or  an  acquisition. 

This makes a properly managed IT budget
one of the most important components in
a CIO’s arsenal. If you are to survive scrutiny
by business heads, executive peers or potential
acquirers, you must be prepared to properly
explain each cost allocated, defend why
you spent that money and demonstrate how
it benefited the business. In this way, you
provide a quantitative view of IT’s value.

No doubt you agree, yet many IT budgets
miss the mark. As a private equity IT advisor for Cerberus
Capital Management, I examined dozens of IT budgets in
varying industries. I found many that were so fragmented
that the details could not be reconciled with aggregate line
items. In others, centralized costs were allocated equally
across lines of business that used IT to different degrees
and with varying benefits. Many budgets didn’t carry their
forecasts beyond one fiscal year. Nothing is more disheartening
to a major investor or internal business head than
to review a multimillion dollar IT budget that cannot be
valued, explained, reconciled and forecasted.

That’s no way to create confidence. You need to structure
your budget so that your expenditures can be fully
explained and so you have enough flexibility to handle
various corporate actions and reviews.

Show  Where  the  Money  Really  Goes 

No matter how strategic IT is to your company, from an
accounting or investment perspective, it’s going to be
treated as a cost center. Your annual operating expenditures
(OpEx) will be rolled into the selling, general and administrative
expenses part of the income statement. IT capital
expenditures (CapEx) are capitalized on the balance sheet
and amortized over the useful life of the investment.

Your IT budget is probably handled in a similar way.
However, without the proper detail behind these gross
amounts, assessing the quality of operations for your IT
organization in a more practical manner will be difficult.

A best practice is to separate both CapEx and OpEx into
three categories: strategic, deferred and
lights-on. Capital expenditures that create
future revenues should be bucketed as
strategic. Capital projects that you didn’t
implement (due to budget cuts or other
cost-containment reasons) but which are
necessary for growth should be categorized
as deferred. Finally, spending as a part of
annual refresh projects should be categorized
as lights-on. Operational expenditures
should be treated the same way: Remember that all capital
expenditures result in ongoing expenses.

How you categorize your expenditures can affect your
company’s valuation. During an acquisition, for example, a
significant amount of deferred capital spending may lower
the company’s overall value from a buyer’s perspective. A
large amount of deferred CapEx indicates that the company’s
overall investment in technology has not kept pace
with the company’s business plan, corporate strategy or
comparative industry capability. These technology costs
could be assumed by the buyer.

No  one  is  expecting  to  review  an  “nth”  degree  of  detail, 
but  you  have  to  choose  the  amount  of  detail  that  will  give 
other  business  leaders  confidence  that  they  know  the  total 
cost-benefit  of  operations  at  a  product  or  service  level. 

A  sound  and  detailed  budget  provides  an  important 
lens  into  the  performance  of  the  IT  organization.  For  the 
CIO,  financial  management  habits  and  overall  acumen  may 
be  the  tipping  point  in  deciding  whether  he  or  she  is  invited 
to  the  party  at  the  executive  table  or  left  in  the  dark. 


Albert R. Eng advises companies on IT strategy, offshoring,
operations turnaround and post-acquisition activity. Contact him
at aeng@cerbadvisory.com.


BY JUAN CARLOS PEREZ

Capacity Manager

job description: A capacity manager makes sure a company
has the right amount of IT resources to support the
business - not more, not less. It's their job to determine
if the current IT infrastructure is being utilized optimally
and, if not, what changes should be made. "It's a unique job
within IT. The capacity manager is responsible for monitoring,
analyzing and projecting whether the organization
has sufficient computing capacity to do what it needs to
do," says Dave Van De Voort, a principal at Mercer.
why you need one:

"If you aren't doing capacity management, you're likely to either
underinvest in IT, which will affect your operations, or you'll
have excess capacity and overspend in systems you don't need," says
Van De Voort. Striking this balance is critical for competitive
reasons, says John Estes, vice president at Robert Half Technology.
"The more efficient you can be with your IT assets, the more
flexibility you'll have, either by being more efficient with what
you've got or by purchasing new products." The rapid adoption of
virtualization technology, the cloud computing trend and the pressure
on CIOs to get the most return on investment from IT purchases have
helped to make this a "hot job" in recent years.

$105,000 to $125,000

desired skills:

A strong technical background in key aspects of IT infrastructure,
including desktop hardware, enterprise applications, databases,
storage, networks and all types of servers. Must be good at
budgets and math, since forecasting, statistical analysis and
modeling are part of the job. Six years of related experience is
generally required.

how to find one:

Look for candidates in companies that make strong IT investments
and view IT as a vehicle for gaining a competitive edge, not as an
expense item. Consider IT consultants who are employed by large
vendors like EMC, Oracle and SAP, says Carlo Carbetta, vice
president of operations development at CIO Partners.

what to look for:

"You want someone who is highly detailed in their work, very
influencing, engaging and people oriented," Carbetta says.
They must be able to explain technology to business managers and
relate it to business plans and goals. Strong leadership skills
are key. "IT propeller-heads will probably be overwhelmed in
this position," says Evelyn Hubbert, a Forrester senior analyst.
Candidates should be process oriented.

elimination round:

Ask candidates their perspective on service management. "Capacity
managers need a service attitude to understand what is wanted by
the lines of business and what IT can deliver," says Hubbert.
growing your own:

Good internal candidates include network administrators or
engineers who moved up to business analysts or project managers
involved with performance tuning, forecasting and management.

They must have "a good nose for the tech aspect of performance
management and capacity planning, but also understand the big
picture and how what they do relates to the bottom line," Estes says.


COVER  STORY  ::  Security 


President  Obama  aims  to  fix  U.S.  cybersecurity. 
Will  his  plan  hit  the  mark? 

BY  KIM  S.  NASH 


We’re not as safe as we think. From the
electricity grid to the banking system
to the defense contractors building our
most sophisticated weapons, computers
running the nation’s critical infrastructure
see relentless attacks from
criminals and countries alike. Sometimes
we hear about it, sometimes we don’t.

In the last year, the Federal Aviation Administration (FAA), the Department
of Defense (DoD) and the ATM banking system have all been attacked
in concerted, organized ways by people who have yet to be apprehended.
Hardening critical infrastructure systems in industries as diverse as
defense, electricity, financial services and telecommunications will take
millions of dollars, perhaps many years and massive political clout. President
Barack Obama says he wants to do it. IT leaders want to know how.

“I would be looking for a path and partnership,” says Bruce Larson, former
security director at American Water Works, a $2.3 billion utility that
serves 32 states and part of Canada. Part of the problem is that government
and industry don’t share enough information, he says. “Government
needs information from the private sector
about how bad [corporate vulnerabilities are]
and what the impact could be. And the private
sector needs information about what the real
threat might be.”

Bruce Larson, former security director at American Water Works,
thinks market forces can provide incentives for companies to
monitor themselves.

TOUGH WORK AHEAD TO DEFEND DIGITAL INFRASTRUCTURE

Obama review defines the agenda for new cybersecurity post

Soon after he took office, President Obama asked for a wide review
of the federal IT security landscape. The review's purpose: to assess
what laws and regulations exist, how effective they are, what needs
to be changed and how government can work with corporations to
protect the country and share technology ideas.

The review, released in May, found 250 points to address in areas ranging
from simply educating the public about cybersecurity to the more-complex
and politically contentious issues of building a secure identity management
system and devising a "cyber incident response" policy similar to how the
White House monitors terrorist attacks and natural disasters. At a press
conference to release the review, Obama defined the digital infrastructure as a
"strategic national asset," the defense of which should be a national priority.

A privacy and civil liberties official should be added to the National
Security Council, the review also advised. And to promote U.S. use of
"game-changing technologies," more shared government-private sector research
and development should be done.

The review didn't bowl over many security experts who have been calling
for similar changes for years. Indeed, the Center for Strategic and
International Studies released a report in December saying much the same thing,
done by fewer people in less time. The big news was Obama's creation of the
position of Cybersecurity Coordinator, reporting to him and belonging to both
the national security staff as well as the National Economic Council.

It's the cross-agency reach and Obama's pledge to work closely with the
private sector that will make the "cybersecurity czar" (who had not been named
at press time) successful, says Eugene Schultz, CTO of consultancy Emagined
Security. "Odds are higher that we will have sane management of this,"

CIOs know that addressing security problems
is expensive and largely thankless. Few leaders
get pats on the back for preventing crimes and
breaches. Some CIOs are wary of government
getting too involved in dictating technology
standards and choices. But increasing threats bring
an urgent need for change in both corporate and
government realms, says Paul Kurtz, a partner at
security and counterterrorism firm Good Harbor
Consulting. Kurtz is a former senior advisor to
former Presidents Bill Clinton and George W.
Bush on national and homeland security.

“For every month that passes without real
leadership and decisive action on part of government,
we hemorrhage billions in intellectual
property stolen,” Kurtz says. “Critical systems
that support power, oil and gas, aviation, military
operations—they are all placed at risk.”

What's  Going  Wrong 

Last November, in what the Federal Bureau of
Investigation (FBI) calls a “coordinated attack”
on automated teller machines in major cities, a
“criminal organization” used 100 fake payroll
and gift cards to steal $9 million in 30 minutes.
The FBI has issued a plea for help identifying
men in images caught on video surveillance
cameras in Atlanta.

U.S. financial systems, of course, are a favorite
target of both casual and serious hackers. The
worry is that focused attacks will hit the 17 other
sectors deemed critical infrastructure, which
include energy, agriculture, transportation, telecommunications,
health care, defense contractors and nuclear facilities. As companies
collaborate over the Internet, and core IT systems rely more
on the public network, vulnerabilities increase. Threats to federal
and infrastructure IT systems “are evolving and growing,” says
the Government Accountability Office (GAO). Security incidents
reported to US-CERT, a government organization that tracks
security, tripled from 5,500 in 2006 to 16,800 last year.

In April, for example, government officials confirmed that
since 2007, hackers have been slipping into computer systems
behind the Joint Strike Fighter weapons project. They gained
access through defense contractors on the project, which Lockheed
Martin is leading. Through these private-sector entry
points, the spies have gotten away with several terabytes of
design and electronics system data, the officials told The Wall
Street Journal. The invaders are thought to be in China.

In February, a FAA website was hacked, exposing data on
48,000 current and former employees, according to a recent
audit by the Office of Inspector General (OIG). And in 2008, the
OIG says, hackers took over FAA servers in Alaska, discovered
the password of an administrator in Oklahoma and got access
to 40,000 FAA user names and passwords. Security testing as
part of the audit identified 763 high-risk vulnerabilities, such
as computers that allowed the remote execution of commands
that could shut systems down or reveal sensitive data.

The Central Intelligence Agency has revealed that hackers
have caused power outages by breaking into the electricity grid
in unnamed countries outside the United States. This month,
the North American Energy Reliability Corp. (NERC)—the
U.S. electricity industry’s biggest trade group—starts auditing
power companies to ensure they register critical cyberassets
and comply with federal and NERC’s own measures
to protect them. In an April letter to members, NERC’s chief
security officer warns of “the potential for the simultaneous
manipulation of all devices in the substation or, worse yet, across
multiple substations.”

“I’m not trying to be a doomsdayer,” says John Gilligan, former
CIO of the U.S. Air Force and a former executive specializing in
telecommunications security at SRA International. “But I can’t
think of anyone with real knowledge of what’s going on who
would say he feels confident in our ability
to defend ourselves.”

Now an independent consultant, Gilligan
recently produced what he calls the
Consensus Audit Guidelines, one of many
proposals for fixing federal and critical
infrastructure security now zinging
around Washington (see “5 Security Priorities,”
at right). What has bothered Gilligan
throughout his decades in IT, he says, is
how many different computing standards,
mandates, regulations and laws govern different
parts of the government as well as
critical infrastructure companies.

At least 34 federal mandates, regulations
and laws apply to the IT inside companies
that touch critical infrastructure in
the United States, according to the GAO.
What’s more, it’s a collection of rules that
no one person, or even one agency or
department, oversees. The assortment
includes the Food and Drug Administration,
Office of the Comptroller of Currency,
Securities and Exchange Commission,
Federal Energy Regulatory Commission
and the Departments of Treasury, Homeland
Security and Interior. Fragmentation
means security standards across industries,
measured and monitored uniformly,
don’t exist. Therefore, neither does a good
answer to the question, “How secure is
the U.S. digital infrastructure?”

Gilligan, like other security gurus,
supports the idea of an official to coordinate
cybersecurity and related efforts, but
warns it’s a big, political job to rationalize
the crazy quilt of security mandates. The
official must coordinate various federal
bodies as well as private industry and
academia. “Doing this, we would begin
to have a cohesive strategy,” Gilligan says.
“Right now, it’s free agents” working for
their own organizations’ interests.

Formulating long-term strategy gets
pushed aside when the focus is on dealing
with daily tactical issues or “Whac-A-Mole
security,” says Daniel Mintz, a CTO
at consulting firm CSC and former CIO
at the U.S. Department of Transportation
(DoT). “The current approach of trying to do everything, everywhere,
results in accomplishing little, anywhere,” he says.

Last year, under George W. Bush, the government devised a
cybersecurity plan called the Comprehensive National Cyber
Security Initiative, aimed mainly at protecting systems related
to the Department of Homeland Security. That’s a narrow swath
of cyberspace and, because the work is classified, it’s hard to tell
how effective it’s been. Obama has pledged to be “transparent”
about the process and seek out advice from the private sector. But
the idea of government imposing new rules for industry sends
up a red flag for some. Industry can usually patrol itself, maintains
Larson, the former security director at American Water,
provided there are market incentives to do so. “If you’re a large,
publicly owned entity, your board is not going to let you get away
without identifying risks and mitigating them. That’s market
forces at work.”

"Government needs information about
how bad [corporate vulnerabilities are].
And the private sector needs information
about what the real threat might be."

-Bruce Larson, former security director at American Water Works


5 SECURITY PRIORITIES

A former Air Force CIO highlights practical
defenses against system attacks

Gaining attention for advocating a practical shift in how IT
leaders think about security, the Consensus Audit Guidelines
offer 20 controls to measure and monitor IT-system and network
security. Though worries about increased cost often
accompany any notion of improving security, John Gilligan,
a consultant who developed the guidelines, says he implemented
a subset of the controls when he was the Air Force
CIO (from 2001 to 2005) and saved money on IT and risk
management. Gilligan's recommendations include:

1. Know your network. Inventory
all devices on your network with
an asset recovery tool. Record
network addresses, machine names,
the purpose of each device and person
responsible for it. Encrypt this information.
Likewise, devise an encrypted list
of software authorized to run on your
network. Periodically test your software
inventory tool by deploying new software
to see when it's detected. Note the
delay; that's a vulnerable time.

2. Test and verify. Document and
test security settings on system
images before deploying laptops,
workstations and servers. Sample systems
once a month to see that settings
are correct. Store master images on
secured servers or offline machines.

3. Seize control. At network
connection points, implement
filters to allow use of only those
ports and protocols with a documented
business need. Use two-factor authentication
and encrypted sessions on
all network devices. Require people
logging in remotely to use two-factor
authentication, too.

4. Be suspicious. Set audit logs
to record dates, time stamps
and source and destination
addresses for each piece of software.
Devise profiles of common activity and
tune logs to look for anomalies. Deploy
firewalls to look for common Web
attacks. Test source code for malware
and backdoors before deploying.

5. Watch your back. Run vulnerability
scans at least weekly
(preferably daily). Compare
sequential scans to ensure previous
problems were addressed. Install critical
patches within a week. Report daily on
locked-out and disabled accounts, as
well as accounts with passwords set to
never expire or with passwords exceeding
maximum age. Get explanations
for these accounts. Check machines
daily and push out updates for malware
protection.

For more details about these and
the rest of the guidelines as well
as an explanation of how attackers
exploit the lack of each control, visit
www.gilligangroupinc.com.

-K.S.N.
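
One way to automate the "Watch your back" priority from the sidebar above, as an added example that is not part of the original article or of the Consensus Audit Guidelines: it diffs two sequential vulnerability scans, flags critical findings left unpatched for more than a week, and builds the daily account exception report. The scan records, check IDs, host and account names and the 90-day maximum password age are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

CRITICAL_PATCH_WINDOW = timedelta(days=7)  # sidebar: critical patches within a week
MAX_PASSWORD_AGE = timedelta(days=90)      # assumption: the sidebar gives no figure


@dataclass(frozen=True)
class Finding:
    host: str
    check_id: str   # scanner's identifier for the weakness (placeholders below)
    severity: str   # "critical", "high", "medium" or "low"


@dataclass(frozen=True)
class Account:
    name: str
    locked_out: bool
    disabled: bool
    password_never_expires: bool
    password_last_set: date


def _ordered(findings):
    return sorted(findings, key=lambda f: (f.host, f.check_id))


def compare_scans(previous, current, first_seen, today):
    """Diff two sequential scans.

    first_seen maps a Finding to the date it was first reported, so that a
    finding surviving from scan to scan can be aged against the patch window.
    """
    prev, cur = set(previous), set(current)
    persisting = prev & cur
    overdue = [f for f in persisting if f.severity == "critical"
               and today - first_seen.get(f, today) > CRITICAL_PATCH_WINDOW]
    return {
        "resolved": _ordered(prev - cur),        # previous problems addressed
        "new": _ordered(cur - prev),             # appeared since the last scan
        "persisting": _ordered(persisting),      # still open
        "overdue_critical": _ordered(overdue),   # critical and older than a week
    }


def account_exceptions(accounts, today):
    """Daily report: every account that needs an explanation, with reasons."""
    report = {}
    for acct in accounts:
        reasons = []
        if acct.locked_out:
            reasons.append("locked out")
        if acct.disabled:
            reasons.append("disabled")
        if acct.password_never_expires:
            reasons.append("password never expires")
        if today - acct.password_last_set > MAX_PASSWORD_AGE:
            reasons.append("password exceeds maximum age")
        if reasons:
            report[acct.name] = reasons
    return report


# Constructed sample data (not real scanner output or real accounts).
TODAY = date(2009, 7, 15)
WEB_CRIT = Finding("web-01", "CHECK-0001", "critical")
WEB_MED = Finding("web-01", "CHECK-0002", "medium")
DB_CRIT = Finding("db-01", "CHECK-0003", "critical")
MAIL_HIGH = Finding("mail-01", "CHECK-0004", "high")

PREVIOUS_SCAN = [WEB_CRIT, WEB_MED, DB_CRIT]
CURRENT_SCAN = [WEB_CRIT, DB_CRIT, MAIL_HIGH]
FIRST_SEEN = {
    WEB_CRIT: date(2009, 7, 3),    # open for 12 days
    WEB_MED: date(2009, 7, 10),
    DB_CRIT: date(2009, 7, 12),    # open for 3 days
}
ACCOUNTS = [
    Account("svc-backup", False, False, True, date(2008, 1, 10)),
    Account("jdoe", True, False, False, date(2009, 6, 1)),
    Account("asmith", False, False, False, date(2009, 7, 1)),
    Account("old-contractor", False, True, False, date(2009, 2, 1)),
]

if __name__ == "__main__":
    for bucket, findings in compare_scans(
            PREVIOUS_SCAN, CURRENT_SCAN, FIRST_SEEN, TODAY).items():
        print(bucket, [(f.host, f.check_id) for f in findings])
    for name, reasons in account_exceptions(ACCOUNTS, TODAY).items():
        print(name, "->", ", ".join(reasons))
```
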


The  Changing  Threat 

When  government  officials  officially  talk  security,  most  of  the 
scenes  they  paint  involve  malicious  people  taking  down  major 
systems.  In  turn,  we  are  assured  that  government  and  corporate 
entities  have  reliable  backups. 

But that’s not the way cyberattackers are behaving, says
Eugene H. Spafford, executive director of the Center for Education
and Research in Information Assurance and Security. The
center is affiliated with Purdue University where a year ago,
then-Senator Obama held a summit on security challenges. A trend
security experts say is more insidious is attacks that come as
subtle changes to data rather than complete denial of service.

Corrupting  data  in  the  financial  system  by  introducing 
errors  would  spread  fear  about  the  accuracy  of  bank  records. 
People,  perhaps  countries,  now  distrustful  of  the  system  would 
pull  their  money  out  en  masse.  Computer  break-ins  that  mess 
with  the  electric  grid  or  the  healthcare  system  or  the  air  traffic 
control  system  could  kill  people,  Spafford  says. 

“Suppose  all  the  flight  control  systems  get  altered  to  direct 
planes  into  each  other  rather  than  have  the  screens  go  blank,” 
he  says.  So  far,  such  a  calamity  hasn’t  happened.  But  if  it  did, 
Spafford  adds,  “the  result  would  be  a  lack  of  confidence  in  the 
system  even  when  it  was  restored.” 

Covering the most critical security gaps, not just the obvious
ones, then, becomes imperative, Gilligan says. “Especially
in today’s environment,” he says, “it wouldn’t take much to push
us even further into recession or depression.”

Corporate  IT  leaders  can  adopt  some  protection  methods 
commonly  used  by  government,  such  as  encrypting  sensitive 
data  as  well  as  application  software  when  doing  backups.  But 
other  tactics  don’t  make  sense  in  the  corporate  realm. 

At the U.S. Department of Defense, for example, just 10 of its
thousands of computing sites are connected to the Internet, says
Rear Admiral Elizabeth Hight, vice director of the Defense Information
Systems Agency, which supplies much of the infrastructure
IT to the DoD.

Fewer  connections  to  the  public  networks  mean  fewer  points 
of  vulnerability,  Hight  says.  But  today,  keeping  a  company  off  the 
Internet  probably  means  putting  a  company  out  of  business. 

Practical  Solutions 

So what to do? One proposal gaining attention in Washington
is the Consensus Audit Guidelines. Gilligan worked to develop
them with security research and training group The SANS
Institute, the Center for Strategic and International Studies, as
well as other security experts and practitioners inside and outside
government. The guidelines emphasize simplicity. Rather
than dive deep into technology or debate which agency should
oversee another, the guidelines put forth 20 basic management
and process ideas, the underlying principle of which is frequent
monitoring and measuring of whatever you’re doing to thwart
the most common patterns of cyberattack.

The  guidelines,  says  Eugene  Schultz,  CTO  of  consulting  firm 
Emagined  Security,  “are  about  how  you  perceive  the  problem  and 
how  you  manage  it  with  limited  resources.  It’s  very  real-world.” 

That’s a good approach, security experts say, as cybercriminals
continually adjust their patterns and tools. Not only that,
but most are steps that every CIO could take today without
spending a ton of money.

Within each of the 20 controls is an explanation of how attackers
can exploit the area and steps you can take to prevent that,
ranging from quick-win, simple tasks to advanced methods.

The U.S. Department of State has been testing the guidelines
for several months. John Streufert, State’s chief information
security officer and the deputy CIO for information security, has
mapped real security attacks that he has recently experienced to
Gilligan’s controls to determine whether, if a given recommendation
had been in place, it would have had any effect. No private-sector
companies have tested the guidelines, Gilligan says, but he
is talking with several federal CIOs about doing so. The Nuclear
Regulatory Commission is also piloting the guidelines.

Malware is one problem lately at State, Streufert says. Control
number 12—malware defenses—calls for such tasks as checking
machines daily for updated malware protections and pushing
out updates every day. IT should also configure machines
to scan removable devices for malware upon insertion into a
laptop or PC. Also suggested is taking a firm stand: deploying
network access control tools to verify security configurations
and patch compliance before granting network access.

State also ran scans for unauthorized hardware and software
on its networks, which are controls number one and number
two. Streufert is reluctant to say how much malware or how
many unauthorized devices he found, or estimate the cost of the
problem. But by using Gilligan’s 20 techniques, and regularly
measuring and improving how the State Department staff proactively
manages security, State has reduced the internal risk
scores it gives itself in several critical areas by 83 percent over
11 months, Streufert says.

An  End  to  Checklist  Security 

Existing federal IT security regulations—namely the Federal
Information Security Management Act, or FISMA—often mandate
hundreds of items to check off on a list, including such
basics as password protection for sensitive applications. But
FISMA doesn’t guide IT managers about what kind of password
works best (the Consensus Audit Guidelines call for 12
semirandom characters and two-factor authentication).

“You  end  up  filling  out  long  forms  showing  you  comply 
but  you’re  not  necessarily  secure,”  says  Schultz  of  Emagined 
Security.  He  tells  the  story  of  a  national  laboratory  that  didn’t 
have  firewalls  protecting  its  network,  as  mandated.  But  the  lab 
passed  the  audit  by  convincing  the  auditor  that  routers  were  a 
worthy  substitute,  Schultz  says. 

“FISMA  is  a  waste  of  taxpayer  money,”  he  says.  “These  are 
not  standards  that  help  an  organization  stand  up  to  the  kinds 
of  attacks  that  occur  nowadays.” 

None of Gilligan’s 20 critical controls “is advancing the state
of the art,” Gilligan acknowledges, meaning that many security
experts could come up with similar recommendations. But
the fact that it’s spelled out in a prioritized list and known to
be effective in protecting IT systems removes the guesswork.
Organizations have a clear rule to follow and a procedure for
implementing it, monitoring it and measuring it to improve
ongoing security protections.

That’s different from checklist compliance. “It’s a culture
shift we’re advocating,” Gilligan says. Measurement of progress
is key. In many organizations—government and private sector
alike—fights emerge over basic definitions of “secure,” never
mind how to achieve it, adds CSC’s Mintz. When he was CIO
at the DoT, he says, “it became clear that there was no generally
agreed to way of measuring how secure we were. If you
considered perfectly secure as a 10 and no security at all as
a one, we knew we were above a one and below a 10, but that
was about it.”

That’s  the  kind  of  situation  Obama  has  criticized.  “It’s  now 
clear  this  cyberthreat  is  one  of  the  most  serious  economic  and 
national  security  challenges  we  face  as  a  nation,”  he  said  in 
May.  “It’s  also  clear  that  we’re  not  as  prepared  as  we  should  be, 
as  a  government  or  as  a  country.”  (See  “Tough  Work  Ahead  to 
Defend  Digital  Infrastructure,”  Page  28.) 

Bigger thinking is needed, Obama said. “Just as we failed
in the past to invest in our physical infrastructure—our roads,
our bridges and rails—we’ve failed to invest in the security of
our digital infrastructure.”

Gilligan  knows  his  is  one  of  dozens  of  proposals  vying  for 
attention  from  the  Obama  administration,  including  ones  from 
various  industry  trade  groups  aimed  to  influence  whatever  new 
rules  emerge. 

The Cost of Being Secure

In  government  and  in  corporate  America,  concerns  about 
immediate cost can outweigh concerns about long-term safety.
“There  is  concern  that  fixing  some  of  the  security  problems  will 
be  expensive  and  harmful  in  the  economy,”  Spafford  says.  The 
Department  of  Homeland  Security,  for  example,  has  requested 
$918  million  for  fiscal  2010  for  information  technology.  That’s 
15  percent  more  than  2009  and  that’s  before  Obama  has  made 
any  cybersecurity  moves. 

In health care, to spur providers to enter the 21st century,
Obama has designated $19.2 billion in stimulus money as available
in return for building electronic medical records, computerized
order entry and other tech-enabled medical processes.
Providing such incentives to banks, power companies and
transportation providers in return for updating their security
is a good start, says Kurtz of Good Harbor, but it promotes too
much short-term thinking.

“That  would  bring  us  back  to  checklists  again,”  he  predicts, 
as  companies  could  scramble  to  meet  minimum  requirements 
by  a  deadline  rather  than  plan  a  larger,  longer-term  strategy. 

Short-term thinking is a national problem, agrees Spafford.
Banks please shareholders quarter by quarter. Carmakers can’t
think much beyond the current model. And look what happened
to those industries. To average citizens, cybersecurity
is less pressing on any given day than paying the mortgage,
keeping or finding a job and avoiding swine flu. Obama has to
make cyberpolicy urgent enough to overcome “the real world,”
as Spafford puts it. Spafford and other security experts praise
Obama for bringing attention to the digital world upon which
the United States so depends. But Obama’s report, which urges
government and industry to work together to unify security
practices and metrics, espouses nothing new. They’re hoping,
rather, for inspiration to reach new heights.

“We need high-intensity, long-term development efforts,”
Spafford says. “Think of the Manhattan Project or the space
race. We need that in cyber security.”


Senior  Editor  Kim  S.  Nash  can  be  reached  at  knash@cio.com.  Follow 
her on Twitter at www.twitter.com/knash99.

SOUNDING  BOARD 

Let  Social  Nets  Bloom 

CIOs  advise  an  organic  approach  to  cultivate  Web  2.0  momentum  in  the  enterprise 

RICK  MEUSER,  SILGAN  PLASTICS 

USE  WORD  OF  MOUTH 

We snuck social networking into our enterprise, rolling out Microsoft Office Communicator
to all 1,100 employees without fanfare to see who would pick it up. It certainly
helped that the product fully integrated with our e-mail, but it only took a few
months for almost half of our business users to embrace the technology for keeping in
touch with their teams. Since they discovered the benefits on their own, people were
enthusiastic about sharing their success, and those who weren’t using it yet saw the
advantages in daily use all around them.

Our IT group stepped forward then with official internal marketing and communication
to leverage that momentum. We also took advantage of those who were driving
that adoption to test the MS SharePoint MySites that will replace our intranet
and make it easier to find experts spread across the country.
Since these are the people who are familiar with public social
networking sites, it was simple for them to set up their skill
and responsibility profiles, and we’re sure they will broadcast
the benefits.

DREW MARTIN, SONY ELECTRONICS

LET USERS INFORM THE EXPERIENCE
Sony employees are embracing social networking technologies
across every working style and generation, but as a consumer
products company, we knew it was important to bring
these solutions to our customers as well. Our forays into the
public Web 2.0 world, however, came with critical lessons.

We initially conceived our public blog to be a two-way
means of communication, but we were quickly overwhelmed
by comments voicing opinions and seeking answers about our
products. We have fundamentally changed how we approach
that space: The blog is now complemented with a community
for users to interact with us or with each other. Interest in this
from our business groups then drove us to choose a platform
to create segment-specific communities.

It also became obvious that we are no longer in a world where
if you build a terrific site, customers will come to you; now you
have to fish where the fish are. For us, that means establishing
a presence on everything from YouTube to Flickr, and even
exploring the uses of virtual-world environments, which we’re
bringing to the commercial side with virtual trade shows.

ATHELENE GIESEMAN, STINSON MORRISON HECKER

LEARN HOW TO RELINQUISH CONTROL
Web 2.0 requires that you turn over the experience to the
end user. That’s not normal, nor is it comfortable, for IT departments.
Even with confidentiality at top of mind, many of our
attorneys were excited to use these tools for business. It was
disconcerting to find that we were in the role of business “disablers”
because of security or other concerns.

No matter how much we read about social networking, there
is no way to know how solutions will or will not fit in your environment
until you’ve gotten out there and used them. With
Web 2.0, it’s easy to do that. In addition, we plan to establish
a task force to gather best practices from our people. We have
found that some who have two Facebook accounts want to use
pseudonyms for one, and we now need to decide whether—or
under what circumstances—a pseudonym can be used for official
firm communications. We’re also looking at the possibilities
demonstrated by a decision by one state’s bar association to
accept credits from a class taught in Second Life.

As CIOs, we all know there needs to be some level of control
in a corporate environment, but these technologies are designed
to thrive without central oversight. We must experience that to
draw our own line without diminishing their benefit.

Rick Meuser, Director, IT, Silgan Plastics
Drew Martin, Senior VP and CIO, Sony Electronics
Athelene Gieseman, CIO, Stinson Morrison Hecker

The CIO Executive Council is a global peer advisory service and professional association
of more than 500 CIOs, founded by CIO's publisher. To learn more, visit council.cio.com.

Personnel Matrix Models for IT Support

Who: Rajeev Ravindran, CTO, JM Family Enterprises

What: A method for managing
IT support resources across
functional lines

Why: JM Family Enterprises services
car buyers and owners through
sales and financing. The IT operations support group
that stands behind that service is often in fire-fighting
mode, and the company needed a better way to
respond rapidly and flexibly with the right resources.

How: The IT support matrix models enable IT's support
leads to view, select and assign the most appropriate
support personnel from across the enterprise based
on their functional associations and technical skills ratings.
If a problem involves security on the network, the
assigned support lead can check the functional matrix
and identify personnel aligned with network systems
as well as with security. The lead has the authority to
pull the best-qualified people from both areas and pair
them up on the problem. If the problem involves a tricky
firewall issue, the lead can also consult the skills matrix
to check who has a high expertise rating in firewalls.

"The concept we are striving for is 'One Management
Team,'" Ravindran says. "The matrix and the
authority invested in the support leads make the concept
a reality."

To download the tool, go to the
connect box at council.cio.com.


Mid-Market CIO/Vendor Relations

Live Council Teleconference
July 15, 4:00 p.m.-5:00 p.m. U.S./Eastern

A panel of IT leaders from mid-market companies
describes their most effective practices for building
better relationships with IT vendors large and small.

PANELISTS

► Cindy Warkentin, CIO, Maryland Automobile Insurance Fund
► Susan Faulkner, Director of IS and Technology, Bluewave Energy
► Michael Kohlman, IS Manager, Cook Group
► Chris Kohl, VP and CIO, Vertex

To register, go to council.cio.com.


Inside the Change Studio

Quintiles Transnational CIO Bill Deam casts users in the
act of business transformation

What's  a  good  way  to  ensure  acceptance  of  process  transformation? 


A method I am using to achieve transformation and acceptance in one
go is with two programs running in parallel. One determines the
"to-be" process and the other focuses on getting people to want to
work the new way. We use this parallel process because the two
groups influence and support each other. It does us no good to run
with a new idea from the process-defining group if the
change-management group finds it impossible to move people from the
old process to the new.

Our goal is to reduce by at least 20 percent the time it takes to test
and approve new drugs. In my experience, this level of transformation
can't be driven by us in IT saying, "Here is a new system that works
this way." The people on the front line must determine how to strip
out complexity and improve their workflow, and IT supports them.

Think  Visually 

On the process side, we set up a group of business-user domain
experts in a big room with whiteboard-painted walls to work
out the end-to-end "to-be" state. The experts outlined the current
model on one wall and spent several months with that information
all around them for reference as they negotiated the creation
of the "to-be" state. They then mapped proposed processes on the
opposite wall, drawing connections between new and old.

The function leaders who walk through the mapped-out process to
validate the changes love this approach. People want to understand
their new roles, not what a new system will look like.

Act  Out 

At the same time, our second group has been working out
what individuals must change to perform the to-be-state processes.
They do this by walking through the new processes in labs that
mirror the existing environment, from clinical monitors to
call-center personnel.

This is particularly useful when the domain experts aren't
sure about a new process. The experience of the "actors" informs the
necessary changes in a way that hypothetical never could. And
if something doesn't work the way the experts expect, that
process is sent back to the whiteboard team to have another go.

No  matter  your 
method,  your  mantra 
should  be,  "Try,  learn, 
adapt."  Take  advantage 
of  users  and  their  ideas 
to  ensure  a  better  result 
and  level  of  acceptance. 
Everyone  wants  to  be 
part  of  a  process  they 
helped  improve. 


Deam is executive VP and CIO at consultancy Quintiles Transnational
and a Council advisor. E-mail mentor topics to connect@cio.com.


►  LEAD  LESSONS  FROM  THE  C-SUITE 


Stumble  and  Recover 

How  the  CIO  of  Santander  Consumer  USA  restored  his  right  to  be  strategic 

BY  DON  GOIN 


If  only  all  problems  could  be  solved  in  one  meeting 
with  the  CEO.  My  team  had  done  an  admirable  job 
of  becoming  more  strategic  and  partnering  with  the 
business.  But  then  when  the  business  was  relying 
on  us  most,  we  blew  our  credibility  and  experienced 
a  real  possibility  of  losing  our  strategic  ground. 

In  late  2007,  Santander  Consumer  USA  entered  into 
a  period  of  high  change  across  the  company,  and  we  were 
really  stepping  on  the  gas.  For  the  past  few  years,  IT  had 
become  involved  in  a  more  strategic  role  and,  in  many 
cases,  we  were  in  the  driver’s  seat  for  long-term  business 
solutions  and  customer  interaction.  But  this  time,  the 
company’s  operational  mode  was  different,  and  we  started 
feeling  pressure  from  the  business  units  to  perform  with 
more  precision  to  ensure  stability.  In  previous  years,  my 
peers  in  customer-facing  leadership  roles 
were  accepting  of  a  higher  defect  rate  in 
exchange  for  rapid  delivery.  Now  we  were 
being  asked  to  deliver  quickly  and  have 
zero  defects. 

As market-driven initiatives ramped up and demand increased, we
stumbled on the run side, and I found myself fighting against being
forced to temporarily give up our strategy role. Negative perceptions
of our operational capability compounded the situation, undermining
the competent image that had earned us a shot as a more strategic
driver.

I  found  my  solution  in  an  effort  already  underway.  I  had 
been  assessing  our  IT  capability  using  the  CIO  Executive 
Council’s  Future-State  CIO  Model,  which  illustrates  how 
CIOs  serve  the  business  from  a  tactical/operational  role 
through  a  strategy-oriented  role.  That  helped  crystallize 
the  problem,  and  I  realized  what  I  had  to  do. 

First I pledged to my business peers that IT would put a renewed
focus on systems operations and support and on laying out key metrics
to measure improvement. I also explained the importance of IT’s
presence in strategic conversations if we were going to develop and
implement solutions that would serve Santander well into the future.


I  did  not  expect  our  CEO  to  be  as  easy  to  convince,  despite 
our  close  relationship.  I  used  the  Future-State  model  (see 
council.cio.com/programs/future_state.html)  to  visualize  why 
IT  needed  to  not  only  deliver  operational  excellence  but 
continue  to  be  part  of  the  strategic  planning.  That  model 
outlines  three  general  areas  of  focus  for  CIOs: 

■  Function  Head:  focused  on  activities  facing  the  IT 
organization,  which  are  intended  to  achieve  IT  operational 
excellence; 

■ Transformational Leader: focused on creating change for the
enterprise through close partnerships with business operations and
cross-functional corporate departments; and

■  Business  Strategist:  focused  on  driving  business 
strategy  for  competitive  advantage. 

I pointed out that while a Function Head CIO could deliver great
service, my team and I needed to also operate as Business Strategists
in order to provide systems and support that would satisfy more than
the short-term needs. We needed the time and space to both assess the
impact of our market-driven solutions and to think long-term about
service sustainability.

It  took  that  visualization  for  the  CEO 
and  me  to  reach  a  renewed  understanding. 
Without  a  model  to  guide  me  in  how  to  guide 
him,  I  doubt  I  would  have  brought  him  to  this  point  that 
quickly. 

I have also come to realize that business alignment isn’t just about
capturing business objectives and driving them down into the IT
organization. Business alignment is about adapting to the changing
needs of the business and operating as one executive team. I have to
be prepared to be a function head, a transformational leader and a
business strategist, and employ varying emphasis in these areas to
adapt to the business needs as they change over time.


Don  Goin  is  CIO  of  Santander  Consumer  USA,  an  auto  loan  finance 
company,  and  a  member  of  the  CIO  Executive  Council. 
CIOs Seek to Control, Improve SharePoint Investments


■ Organizations are reaping the benefits of using Microsoft
SharePoint. But challenges persist and CIOs are seeking ways to gain
greater value from the technology, according to a recent IDG Research
Services survey.


Among the many business benefits in using SharePoint is greater
collaboration resulting in increased productivity. SharePoint’s
user-friendly interface and structure enable employees at all levels
to build document-sharing sites and streamline business processes.

The downside: Rapid adoption of SharePoint-related tools can result
in an overload of sites and duplicate documents. Often, sites sit
dormant, and a multitude of documents increases storage costs; both
situations create concern for IT executives.

These benefits and challenges are highlighted by CIOs and IT leaders
in a recent study conducted by IDG Research Services, on behalf of
Open Text Corp., a leading enterprise content management software
provider. The survey reveals:

■  62  percent  of  CIOs  and  IT  leaders  view  SharePoint  as 
critical  to  their  IT  infrastructure; 

■ 55 percent report that SharePoint challenges, including duplicate
or multiple document versions and difficulty searching sites, have
had an impact on their businesses.

"I think that in most organizations, SharePoint has grown sometimes
in an unchecked and unmanaged way, sometimes underneath the purview
of IT management," says Ed Durst, the portfolio manager of the
Microsoft Solutions Group at Open Text Corp. He continues, “I believe
there’s a desire to gain back control of that infrastructure.”

[Chart: Users' Top SharePoint Pain Points. Categories: difficulty
searching multiple SharePoint sites (43%); duplicate
documents/multiple content versions (42%); unclear content audit
trail; inability to get a single, accurate case view; difficulty
distributing digital content; incorrect information published on
websites; inability to view SAP documents on SharePoint; loss of
original content. SOURCE: IDG Research Services, April 2009]

Indeed, 33 percent of CIOs and IT leaders report they are actively
seeking a technology solution to help them reap the benefits of
SharePoint while maintaining control of these environments.

MANAGEMENT  CHALLENGES 

According to the IDG study, 86 percent of organizations use
SharePoint primarily for document management. Yet the volume of
documents is creating some headaches; 42 percent of CIOs and IT
leaders say that duplicate documents, some of them with content that
is obsolete, are littering their SharePoint environments.

“We do have a lot of project teams that are maintaining SharePoint
sites, and data just kind of stays there forever, so cleanup has been
an issue for us,” says David DeWall, a senior IT executive for Erie
Indemnity Co., a publicly traded insurance company based in Erie, Pa.

Other challenges lie in the inherent decentralization of information
in SharePoint. This manifests itself when teams struggle to find
important content among separate sites. For example, 43 percent of
respondents say employees have difficulty searching for documents and
other content across SharePoint sites.

Offsetting all these challenges is the inherent value that IT leaders
report from their SharePoint investments. For example, they say that
access to quality information is enabling better and faster
decision-making, as well as improved productivity and time savings.
And it’s these valuable business benefits that are causing them to
seek SharePoint remedies, both internally and from investments in new
technology solutions.


Read what CIOs and IT leaders are saying about SharePoint by
downloading the white paper titled "Optimizing SharePoint for
Business Advantage" at www.cio.com/whitepapers/opentext.
Wish You Weren't Here

Do everyone a favor and take your vacation

BY KIM S. NASH

Stress  necessitates  rest,  and  yet  a  recessionary  pressure-cooker  of  a  workplace  has  some  IT 
leaders  scared  to  take  their  due  vacation  time. 

According  to  Expedia’s  2009  vacation  survey,  about  one-third  of  U.S.  workers  don’t  use  all  of 
their  vacation  days.  And  an  informal  query  of  our  own  CIO  Forum  on  Facebook  reveals  a  certain 
bitterness  about  vacation  plans  (or  lack  thereof). 

“Vacation?  Ha!”  says  Shawn  Beighle,  CIO  of  International  Republican  Institute,  a  nonprofit  that 
helps  to  advance  democracy  worldwide.  “My  boss  has  been  on  me  to  take  more  time  off,  and  though 
I  know  he’s  sincere,  there’s  just  too  much  to  do,”  Beighle  says. 

Others, though, have conceded that skipping vacation is
counterproductive. Constant work inhibits calm, clear thinking and
the generation of fresh ideas, says Jason Paulsen, a project manager
at MAC Cosmetics. “Vacation gives you a chance to come back to tasks
with a new perspective and more energy.”

Darrel  Raynor,  interim  CIO  and  founder  and  managing 
director  of  turnaround  consultancy  Data  Analysis  &  Results, 
plans  to  take  his  family  twice  this  summer  (four  times  a  year) 
to  their  timeshare  in  Mexico.  “Have  to  have  that  balance,”  he 
says.  Swine  flu  be  damned. 

Indeed, CIOs can and should set a healthy example by taking time off,
says Diane Morello, a vice president and fellow at Gartner. Perhaps
not a decadent three weeks in Bali, she says, but certainly a solid
week at a time and weekends bracketed by extra vacation days is
reasonable.

Doing so shows you’re a leader who values work-life balance and that
you trust your group to work well even when you’re not there. “If
you’ve spent the time in advance to lay out an effective
organization, urgent issues can be handled by a path other than one
through you,” she says.

Still,  unease  has  set  in  as  IT  work— and  layoffs— continue. 

“With  increased  demands  to  do  more  with  less  and  the  fact 
that  we  are  so  short-staffed,  I’m  not  in  the  position  to  take  long 
vacations,”  says  Steve  Tomasco,  director  of  IT  at  Flagship  Credit. 
“I  constantly  feel  like  I  am  running  uphill  and  I  don’t  want  to  let 
anything  get  past  me.” 

Even extended weekends find Tomasco connected to the office via
BlackBerry, he says. “Never really leaving the office has become the
norm.”

Jay Hall, manager of information systems at the Missouri National
Education Association, a public school advocacy group, typically
takes just 12 of his 25 allotted days off. He sells back the rest but
acknowledges “it takes a tremendous toll on my motivation at work.”
When he does vacation, he’s exhausted, he says, adding that he once
fell asleep while snorkeling in Jamaica.

The  balance  was  similarly  skewed  at  import-export  firm 
GHY  International  until  it  actually  forced  its  employees  out 
the  door.  These  days,  GHY  is  considered  among  Canada’s  best 
places  to  work,  but  in  2006  it  was  so  bad  that  vice  president  of 
IT  Nigel  Fortlage  took  just  25  percent  of  his  due  time  off  and 
saw  the  rest  of  his  group  follow  suit. 

“IT  was  the  worst  for  not  taking  holiday  time,”  he  says.  “And 
it  took  two  years  to  get  all  holiday  time  caught  up.” 

Despite  smaller  staffs  and  added  pressure,  the  time  to 
make  a  vacation  push  may  be  now.  As  busy  as  we  are,  the  pace 
will  quicken  when  the  economy  rebounds,  notes  Gartner’s 
Morello.  CIOs  should  know  that,  she  says,  and  keep  their  teams 
“refreshed”  with  regular  time  off. 




Senior Editor Kim S. Nash can be reached at knash@cio.com. Follow
her on Twitter at twitter.com/knash99.


How  can  I  get 
recruiters  to  call  me 
with  great  jobs? 

COACH: MARK POLANSKY, SENIOR CLIENT PARTNER & MANAGING DIRECTOR,
I.T. OFFICERS PRACTICE, KORN/FERRY INTERNATIONAL

Always try to target a single recruiter within a particular firm
rather than throw out a wide net to many recruiters at a firm.
Building a personal relationship with a recruiter is not your goal.
Your goal is to be recognized by a recruiter as a standout and highly
qualified candidate.

Do  your  homework  and  identify  the  recruiter  who 
is  most  appropriate  for  your  background.  If  possible, 
network  through  someone  who  knows  that  recruiter 
and  can  make  a  personal  introduction.  Cold  calls  don't 
usually  yield  the  best  results. 

Follow  up  with  a  brief  e-mail  with  your  resume 
attached.  Always  be  transparent  and  honest  when 
you're  making  claims  in  your  resume,  says  Polansky. 
"We  will  check  you  out  and  will  not  want  to  represent 
folks  who  seem  to  have  exaggerated  or  expanded 
upon  their  experiences." 


Sometimes you can stand out by sharing information, market knowledge
or contacts with recruiters. This allows you to maintain contact with
a group of recruiters you may be targeting while showing them that
you know what's happening within your industry. By being helpful, you
stay top of mind when good jobs come along.


Never ignore a recruiter's call: you may need that connection some
day. Even if you are not interested in hearing about new
opportunities, be responsive and offer referrals whenever possible.

Do  not  feign  interest  in  a  job  simply  to  get  face 
time  with  a  recruiter.  You  will  not  be  taken  seriously 
the  next  time  a  potential  job  comes  up.  You  also 
do  not  want  to  be  too  narrow  in  your  job  search 
focus  in  this  economy.  You  may  inadvertently  limit 
your  options. 


Mark  Polansky  has  worked  in  the  field  of  executive 
search  for  more  than  25  years,  extensively  recruiting 
CIOs,  CTOs  and  other  senior  IT  leaders. 
Take Your Career Global

Time  spent  working  abroad  can  lead  to  great  growth  opportunities 


BY  MARTHA  HELLER 




At  barely  25  years  old,  the  CIO  profession 
is  still  young.  We  can’t  yet  define  a  standard 
CIO  career  path,  but  we  can  identify  some 
critical  experiences.  And  working  outside 
one’s  own  country  is  one  of  them. 

It  may  seem  easy:  Convince  the  family  it’s  time  to  move, 
raise  your  hand  for  a  plum  assignment,  pick 
up  a  copy  of  Saudi  Arabia  for  Dummies  and 
book  your  flight.  But  life  as  an  ex-pat  CIO  can 
be  harder  than  it  looks. 

Know your personal limits. In 1997, Curt Petrucelli moved from
Pfizer’s U.S. IT organization to run European IT in Brussels. “With
the company globalizing, I realized that I could not compete for
senior roles if I never left New York City,” says Petrucelli, now
U.S. CIO of AstraZeneca.

“My first step was to talk with my family about location,” says
Petrucelli. “This way, when opportunities arose, I could be clear
about my availability.”

Brussels proved to be the right fit for Petrucelli. He not only
returned to the states with a broadened cultural perspective, he
believes the experience was “one of the reasons I was hired for the
AstraZeneca role.”

Acclimate  before  you  manage.  “The  first  six  months 
is  a  significant  adjustment  as  your  family  acclimates  and 
you  do  your  new  job  and  maintain  ties  back  home,”  says 
Petrucelli.  “If  you  plan  for  managing  your  time,  it  will  help 
when  the  pressure  hits.” 

Ten  years  ago  Pieter  Schoehuijs  left  his  job  with  IBM 
in  the  Netherlands  and  moved  to  Texas  as  Flowserve’s  IT 
director.  Six  years  later,  he  became  CIO  of  Engelhard,  then 
BASF  and  then  Church  &  Dwight  in  2007.  He’s  learned  to 
leave  time  to  adapt. 


“The  culture  of  your  company  will  be  grounded  in  the 
culture  of  the  country,”  says  Schoehuijs.  “Arrive  a  few  weeks 
early  and  get  to  know  the  culture  before  you  start  work.” 

For example, you’ll want to learn the appropriate tone to take during
performance reviews and how a particular country tends to handle
letting people go. “There are cultural nuances that impact workforce
management,” says Schoehuijs. “If you don’t get them right, you can
cause problems.”

Mike Capone, CIO of ADP, joined the company out of college and
rotated through everything from product development to finance to IT
before being selected for a team needed to integrate a large,
overseas acquisition. He suggests CIOs rely on old networks as well
as build new ones while they settle into a new job overseas.

“You will face situations you’ve never faced before,” says Capone.
“‘How do you set up call centers in central Europe? How do you
attract local talent?’ I relied on my networks to compare notes.”

Capone  found  new  relationships  with  tax,  treasury  and 
real  estate  locals.  “People  I  had  never  worked  with  became 
my  best  friends.  Take  them  out  to  dinner  early,”  he  says. 

Question  everything.  “You’ll  find  some  deep  cultural 
assumptions  about  what  you  can  do  with  your  operations,” 
says  Capone.  “People  may  assume  a  service  doesn’t  sync  up 
with  a  country’s  regulations,  but  have  never  checked.  You 
may  find  a  different  answer.” 


Martha Heller is managing director of the IT Leadership Practice at
ZRG Partners, an executive recruiting firm. You can reach her at
mheller@zrgroup.com or read her columns at
www.cio.com/author/41283.




Quick  Fix  ■  ■  ■  Bake  Cookies,  Boost  Morale:  According  to  a  recent  national  survey  of 
CFOs  by  Accountemps,  68  percent  have  taken  steps  to  boost  morale  in  the  last  year.  With  money 
tight  and  layoffs  frequent,  free  pizza  or  a  cookout  with  hot  dogs  and  hamburgers  can  go  a  long 
way  in  bringing  stressed  employees  together  for  some  camaraderie  and  sustenance. 
Apply to the 2009 Service Oriented Architecture (SOA) Case Study
Competition


The Competition

• Sponsored by the SOA Consortium™ and CIO magazine, the competition
is open to organizations of all sizes which have successfully
delivered business or mission value using an SOA approach.

• Submissions are being accepted through July 20, 2009.

The Exposure

• Winners will be announced at the SOA Consortium meeting in
September and featured in a fall issue of CIO magazine and on the CIO
and SOA Consortium Web sites.

The Details

• Entries will be judged on complexity of the business problem
addressed, the ROI/business value achieved, the level and
sophistication of the cross-organizational collaboration, the usage
of SOA approaches and supporting technology and lessons learned.

■  your  project  now  at  www.soa-consortium.org/contest-09.htm 
Under Pressure? We know what you're facing. We are CIOs from 500
companies around the world dealing with the same strategic and
tactical challenges.

We're helping each other, one-on-one. Join us in virtual and
face-to-face meetings, and via new and shared content, to save money,
avoid mistakes, bring new ideas to the business, build morale and
develop our leadership teams. Visit council.cio.com to sample some of
that content and register for select upcoming meetings.


You  don't  have  to  go  it  alone.  http://council.cio.com 


CIO  Executive  Council 

Leaders  Shaping  the  Future  of  Business 


CIO  magazine's  CIO  Executive  Council  is  a  dues-based  professional  association  of  hundreds  of  the  world’s  leading 
CIOs  who  together  form  the  most  unbiased  and  reality-tested  peer-advisory  resource  available.  We  have  no 
vendors,  no  consultants  or  analysts  and  no  hidden  agendas. 

For  information  on  membership,  please  visit  http://council.cio.com. 


Just  Chill 

It may be summer now, but on New Hampshire’s Mt. Washington, it just
about always feels like winter. The 6,288-foot mountain boasts a
near-constant combination of severe cold, fog, snow, rain and high
winds (it’s where the world’s highest surface wind speed, 231 miles
per hour, was recorded on April 12, 1934). On the summit, a rotating
crew keeps a 24-hour record of the weather conditions. “We have a lot
of computers, and we run database applications,” says Steven Welsh,
whose title, IT observer, speaks to his dual role as weather observer
and IT manager. There is also a radio to maintain for communicating
with the valley below, as well as connections between the computers
and weather instruments. “There’s always stuff breaking,” Welsh says.
“You can phone someone for advice, but nobody is going to come and
help you.” In bad winter weather, repairs may have to wait. When the
winds clock over 90 m.p.h. and it’s 20 degrees below, “if you take
your mittens off for just a few seconds, you’re going to get
frostbite.” -Thomas Wailgum


